[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: [PATCH] Obfuscate auth info

From: L. Wayne Johnson <wayne_at_zk.com>
Date: 2006-10-19 18:46:38 CEST

>>
>> It is *not true* that any password storage mechanism is insecure ...
>> Mac's keychain, or Window's FS encryption certificate, can only be
>> unlocked with the user's password -- that's done exactly once when the
>> user logs in, the session keys are stored in secure memory (presumably)
>> and go away when the user logs out.
>>
>> -- Brane
>>
I am sure you all are aware of this
http://sourceforge.net/projects/ophcrack. This should let you know exactly
how secure your Windows password really is...

I ran it on my laptop and it took about 500 seconds to figure out my 8
character password (Windows XP with service pack 2.) The password uses
random numbers and letters with mixed case. I am not using any of the
updated tables that allow more difficult passwords to be cracked. You can
setup your system so that this is not possible (or at least more difficult.)
I wouldn't even hazard to guess how many people on this list are aware that
this auditing tool even exists ...

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Oct 19 18:47:08 2006

This is an archived mail posted to the Subversion Dev mailing list.